path: root/pkg/specgen
Commit message (author, age)
* pkg, specgen: do not hardcode user=0 in the config if not specified (Giuseppe Scrivano, 2020-04-28)
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #6000 from mheon/volume_backend_flags (OpenShift Merge Robot, 2020-04-27)
  Add support for volumes-from, image volumes, init
  * Improve Entrypoint and Command support (Matthew Heon, 2020-04-27)
    We should not be overwriting the Specgen's Command and Entrypoint when building the final command to pass in the OCI spec. Both of these will be provided to Libpod for use in `podman inspect` and committing containers, and both must be set to the user's input, not overwritten by the image if unset. Fix this by moving command generation into OCI spec generation and not modifying the SpecGenerator when we do so.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
  * Add support for volumes-from, image volumes, init (Matthew Heon, 2020-04-27)
    This should complete Podmanv2's support for volume-related flags. Most code was sourced from the old pkg/spec implementation with modifications to account for the split between frontend flags (volume, mount, tmpfs) and the backend flags implemented here.
    Also enables tests for podman run with volumes.
    Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* namespaces: accept pod namespace (Giuseppe Scrivano, 2020-04-27)
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5994 from giuseppe/fix-healthchecks (OpenShift Merge Robot, 2020-04-27)
  v2, podman: fix healthchecks
  * specgen: read healthchecks from the image (Giuseppe Scrivano, 2020-04-27)
    If there is no healthcheck configuration specified, read it from the image.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* specgen: relax test to accept default network (Giuseppe Scrivano, 2020-04-27)
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* spec, pod: honor --dns (Giuseppe Scrivano, 2020-04-27)
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5971 from giuseppe/fix-userns-tests (OpenShift Merge Robot, 2020-04-24)
  v2, podman: fix and enable all run_userns_test.go tests
  * podman: implement userns=keep-id (Giuseppe Scrivano, 2020-04-24)
    Add the missing implementation for userns=keep-id and enable the user namespaces tests.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5967 from giuseppe/run-test-fixes (OpenShift Merge Robot, 2020-04-24)
  v2, tests: fix various run_test.go failures
  * podman: add support for --rootfs (Giuseppe Scrivano, 2020-04-24)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  * specgen: fix error message (Giuseppe Scrivano, 2020-04-24)
    The check is correct but the error message was stating the opposite.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
  * create: move validate after setting default ns (Giuseppe Scrivano, 2020-04-24)
    Validate the configuration only after we set the default namespaces.
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Do not join pod namespaces without an infra ctr (Matthew Heon, 2020-04-24)
  We do not want to join pod namespaces if no infra container is present. A pod may claim it shares namespaces without an infra container (I'll take an action item to fix that - it really should not be allowed), which was tripping up our default namespace code and forcing us to try and join the namespaces of the nonexistent infra container.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* podman: handle namespaces specified on the CLI (Giuseppe Scrivano, 2020-04-23)
  And handle the user namespace differently, as it supports additional options.
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* pkg: fix shmsize error message (Giuseppe Scrivano, 2020-04-23)
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Enable basic volumes support in Podmanv2 (Matthew Heon, 2020-04-22)
  This enables the --volume, --mount, and --tmpfs flags in Podmanv2. It does not enable init-related flags, image volumes, and --volumes-from.
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Modify namespace generation code for specgen (Matthew Heon, 2020-04-21)
  Namespaces have now been changed to properly handle all cases. Spec handling code for namespaces was consolidated in a single function.
  Still missing:
  - Image ports
  - Pod namespaces likely still broken in Podmanv2
  Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #5921 from baude/v2imageep (OpenShift Merge Robot, 2020-04-21)
  add entrypoint from image where needed
  * add entrypoint from image where needed (Brent Baude, 2020-04-21)
    If the image specifies both the image and entrypoint, we need to account for that and prepend the entrypoint to the command. This only happens if no user command and entrypoint were supplied.
    Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5912 from giuseppe/v2-rlimits (OpenShift Merge Robot, 2020-04-21)
  v2, pkg: implement rlimits
  * pkg: implement rlimits (Giuseppe Scrivano, 2020-04-21)
    Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #5913 from rhatdan/v2 (OpenShift Merge Robot, 2020-04-21)
  More fixes for podman create tests
  * Handle annotations passed in via the client (Daniel J Walsh, 2020-04-21)
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #5647 from rhatdan/containers.conf (OpenShift Merge Robot, 2020-04-21)
  Update podmanV2 to use containers.conf
  * Update podman to use containers.conf (Daniel J Walsh, 2020-04-20)
    Add more default options parsing.
    Switch to using --time as opposed to --timeout to better match Docker.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #5875 from rhatdan/network (OpenShift Merge Robot, 2020-04-21)
  Cleanup network option parsing
  * Cleanup network option parsing (Daniel J Walsh, 2020-04-19)
    We were not handling the parsing of --ip. This PR adds validation checks and now will support the flag.
    Move validation to the actual parsing of the network flags.
    We should only parse the dns flags if the user changed them. We don't want to pass default options if set in containers.conf to the server. Potential for duplicating defaults.
    Add support for --dns-opt flag passing.
    Begin handling of --network flag, although we don't have a way right now to translate a string into a specgen.Namespace.
    Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Handle Linux Capabilities correctly (Daniel J Walsh, 2020-04-20)
  If the user sets a capabilities list we need to handle minimal capabilities.
  Also handle seccomp-policy being passed in.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add functions to return image information (Daniel J Walsh, 2020-04-20)
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* V2 Enable rootless (Jhon Honce, 2020-04-16)
  * Enable running podman V2 rootless
  * Fixed cobra.PersistentPreRunE usage in all the commands
  * Leveraged cobra.PersistentPreRunE/cobra.PersistentPostRunE to manage:
    * rootless
    * trace (--trace)
    * profiling (--cpu-profile)
    * initializing the registry copies of Image/Container engines
  * Help and Usage templates autoset for all sub-commands
  Signed-off-by: Jhon Honce <jhonce@redhat.com>
* podman v2 remove bloat v2 (Brent Baude, 2020-04-16)
  Rid ourselves of libpod references in v2 client.
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fix up SELinux labeling (Daniel J Walsh, 2020-04-15)
  SELinux label options processing fixes, should allow system tests to pass.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* v2specgen prune libpod (Brent Baude, 2020-04-14)
  Use libpod only in the specgen/generate package so that the remote clients do not inherit libpod bloat.
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* Fixes for load and other system tests (Brent Baude, 2020-04-13)
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* v2podman container create (Brent Baude, 2020-04-03)
  Create a container in podmanv2 using the specgen approach. This is the core implementation and still has quite a bit of code commented out, specifically around volumes, devices, and namespaces. Need contributions from SMEs on these parts.
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* pkg/spec.InitFSMounts: fix mount opts in place (Kir Kolyshkin, 2020-04-01)
  ... rather than create a new slice and then make the caller replace the original with the new one.
  Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* Add support for containers.conf (Daniel J Walsh, 2020-03-27)
  Vendor in c/common config pkg for containers.conf.
  Signed-off-by: Qi Wang qiwan@redhat.com
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podmanv2 pod create using podspecgen (Brent Baude, 2020-03-27)
  Using the factory approach similar to container, we now create pods based on a pod spec generator. Wired up the podmanv2 pod create command, podcreatewithspec binding, simple binding test, and apiv2 endpoint. Also included some code refactoring as it introduced an easy circular import.
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* apiv2 add default network in specgen (Brent Baude, 2020-03-26)
  When a network is not provided, we should set a default mode based on rootless or rootfull.
  Fixes: #5366
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5579 from mtrmac/macOS-unit-tests (OpenShift Merge Robot, 2020-03-21)
  Make macOS unit tests runnable
  * Fix the pkg/specgen/SpecGenerator.getSeccompConfig stub (Miloslav Trmač, 2020-03-20)
    Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Add basic structure of a spec generator for pods (Matthew Heon, 2020-03-20)
  This will be used for remote creation of pods initially.
  Signed-off-by: Matthew Heon <mheon@redhat.com>
* auto updates (Valentin Rothberg, 2020-03-17)
  Add support to auto-update containers running in systemd units as generated with `podman generate systemd --new`.
  `podman auto-update` looks up containers with a specified "io.containers.autoupdate" label (i.e., the auto-update policy). If the label is present and set to "image", Podman reaches out to the corresponding registry to check if the image has been updated. We consider an image to be updated if the digest in the local storage is different than the one of the remote image. If an image must be updated, Podman pulls it down and restarts the container. Note that the restarting sequence relies on systemd.
  At container-creation time, Podman looks up the "PODMAN_SYSTEMD_UNIT" environment variable and stores it verbatim in the container's label. This variable is now set by all systemd units generated by `podman-generate-systemd` and is set to `%n` (i.e., the name of the systemd unit starting the container). This data is then being used in the auto-update sequence to instruct systemd (via DBUS) to restart the unit and hence to restart the container.
  Note that this implementation of auto-updates relies on systemd and requires a fully-qualified image reference to be used to create the container. This enforcement is necessary to know which image to actually check and pull. If we used an image ID, we would not know which image to check/pull anymore.
  Fixes: #3575
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
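An added example of the auto-update decision logic this commit message describes; it is not Podman's own code. It takes the label policy, the image reference and the two digests as plain inputs, so it runs offline. Assumptions: the "fully-qualified" check (a registry-looking first path component) is this example's heuristic, and `PODMAN_SYSTEMD_UNIT` is used as the label key under which the unit name is stored, which the message does not name.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

const (
	// autoUpdateLabel is the policy label named in the commit message.
	autoUpdateLabel = "io.containers.autoupdate"
	// systemdUnitLabel is an assumed label key for this example; the commit
	// message says the PODMAN_SYSTEMD_UNIT value is stored in a container
	// label but does not name the key.
	systemdUnitLabel = "PODMAN_SYSTEMD_UNIT"
)

// isFullyQualifiedReference is this example's heuristic for "fully-qualified":
// the first path component must look like a registry (contains '.' or ':' or
// is "localhost"). Bare names ("alpine") and image IDs have no such component.
func isFullyQualifiedReference(ref string) bool {
	parts := strings.SplitN(ref, "/", 2)
	if len(parts) < 2 {
		return false
	}
	domain := parts[0]
	return domain == "localhost" || strings.ContainsAny(domain, ".:")
}

// UpdateAction is what the caller should do for one container.
type UpdateAction struct {
	Pull    bool   // pull the newer image
	Restart bool   // ask systemd (over D-Bus) to restart Unit
	Unit    string // systemd unit recorded at container creation
}

// decideAutoUpdate applies the policy: no label means the container is not
// managed; only "image" is a known policy; the reference must be fully
// qualified so there is a definite image to check against the registry; a
// digest mismatch means pull and restart via the recorded unit.
func decideAutoUpdate(labels map[string]string, imageRef, localDigest, remoteDigest string) (UpdateAction, error) {
	policy, ok := labels[autoUpdateLabel]
	if !ok {
		return UpdateAction{}, nil
	}
	if policy != "image" {
		return UpdateAction{}, fmt.Errorf("unsupported auto-update policy %q", policy)
	}
	if !isFullyQualifiedReference(imageRef) {
		return UpdateAction{}, fmt.Errorf("auto-update needs a fully-qualified image reference, got %q", imageRef)
	}
	unit := labels[systemdUnitLabel]
	if unit == "" {
		return UpdateAction{}, errors.New("container has no systemd unit recorded; cannot restart it")
	}
	if localDigest == remoteDigest {
		return UpdateAction{Unit: unit}, nil
	}
	return UpdateAction{Pull: true, Restart: true, Unit: unit}, nil
}

func main() {
	// Constructed container labels and digests for the demonstration.
	labels := map[string]string{autoUpdateLabel: "image", systemdUnitLabel: "container-web.service"}
	act, err := decideAutoUpdate(labels, "quay.io/example/web:latest", "sha256:aaaa", "sha256:bbbb")
	fmt.Println(act, err)
	_, err = decideAutoUpdate(labels, "web:latest", "sha256:aaaa", "sha256:bbbb")
	fmt.Println(err)
}
```

The reference check is deliberately strict: a short name would be resolved through unqualified-search registries at pull time, which is exactly the ambiguity the commit message says the enforcement exists to avoid.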
* add default network for apiv2 create (Brent Baude, 2020-03-06)
  During container creation, if no network is provided, we need to add a default value so the container can be later started.
  Use apiv2 container creation for RunTopContainer instead of an exec to the system podman. RunTopContainer now also returns the container id and an error.
  Added a libpod commit endpoint.
  Also, changed the use of the connections and bindings slightly to make it more convenient to write tests.
  Fixes: 5366
  Signed-off-by: Brent Baude <bbaude@redhat.com>
* golangci: enable goimports (Valentin Rothberg, 2020-03-05)
  Enable the goimports linter and fix reports.
  Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Allow devs to set labels in container images for default capabilities. (Daniel J Walsh, 2020-03-02)
  This patch allows users to specify the list of capabilities required to run their container image. Setting an image/container label "io.containers.capabilities=setuid,setgid" tells podman that the contained image should work fine with just these two capabilities; instead of running with the default capabilities, podman will launch the container with just these capabilities.
  If the user or image specified capabilities that are not in the default set, the container will print an error message and will continue to run with the default capabilities.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
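An added example of the label handling this commit message describes, written here for illustration and not Podman's own implementation. The security property worth checking is that the label can only shrink the capability set: anything outside the default set is refused and the defaults are kept, with an error for the caller to log. The `defaultCapabilities` list is a constructed stand-in for the runtime default (in Podman it comes from containers.conf), and the case-insensitive `CAP_` normalisation is an assumption of this example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// capabilitiesLabel is the image/container label named in the commit message.
const capabilitiesLabel = "io.containers.capabilities"

// defaultCapabilities is a constructed stand-in for the runtime's default
// capability set; the real list comes from containers.conf.
var defaultCapabilities = []string{
	"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL",
	"CAP_NET_BIND_SERVICE", "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP",
	"CAP_SETUID", "CAP_SYS_CHROOT",
}

// normalizeCap maps "setuid", "Setuid" or "CAP_SETUID" to the canonical CAP_
// form (an assumption of this example) and returns "" for an empty field.
func normalizeCap(name string) string {
	n := strings.ToUpper(strings.TrimSpace(name))
	if n == "" {
		return ""
	}
	if !strings.HasPrefix(n, "CAP_") {
		n = "CAP_" + n
	}
	return n
}

// capabilitiesFromLabels returns the capability set to launch with. Without
// the label the defaults are used unchanged. With the label, the container
// gets only the listed capabilities, provided every one of them is already in
// the default set; any request outside that set is rejected as a whole and
// the defaults are returned together with an error for the caller to log.
func capabilitiesFromLabels(labels map[string]string, defaults []string) ([]string, error) {
	fallback := append([]string(nil), defaults...)
	raw, present := labels[capabilitiesLabel]
	if !present || strings.TrimSpace(raw) == "" {
		return fallback, nil
	}
	allowed := make(map[string]bool, len(defaults))
	for _, c := range defaults {
		allowed[normalizeCap(c)] = true
	}
	seen := make(map[string]bool)
	var granted, rejected []string
	for _, field := range strings.Split(raw, ",") {
		c := normalizeCap(field)
		if c == "" || seen[c] {
			continue
		}
		seen[c] = true
		if allowed[c] {
			granted = append(granted, c)
		} else {
			rejected = append(rejected, c)
		}
	}
	if len(rejected) > 0 {
		sort.Strings(rejected)
		return fallback, fmt.Errorf("label %s requests capabilities outside the default set (%s); running with defaults",
			capabilitiesLabel, strings.Join(rejected, ","))
	}
	sort.Strings(granted)
	return granted, nil
}

func main() {
	// Constructed label sets standing in for image config labels.
	for _, labels := range []map[string]string{
		{capabilitiesLabel: "setuid,setgid"},
		{capabilitiesLabel: "setuid,sys_admin"},
		{},
	} {
		caps, err := capabilitiesFromLabels(labels, defaultCapabilities)
		if err != nil {
			fmt.Println("warning:", err)
		}
		fmt.Println(caps)
	}
}
```

Rejecting the whole label rather than silently dropping the out-of-bounds entries keeps the failure visible: an image asking for CAP_SYS_ADMIN through this label should be noticed by the operator, not quietly run with a partial list.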
* spec: allow container alias name in lookup (Giuseppe Scrivano, 2020-02-26)
  Previously --uts=container: expected the full container ID.
  Closes: https://github.com/containers/libpod/issues/5289
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>